Warning: Parameter 1 to wp_default_scripts() expected to be a reference, value given in /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php on line 600

Warning: Cannot modify header information - headers already sent by (output started at /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php:600) in /home3/walife/public_html/kennyhart.com/geek/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 62

Warning: Parameter 1 to wp_default_scripts() expected to be a reference, value given in /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php on line 600

Warning: Parameter 1 to wp_default_styles() expected to be a reference, value given in /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php on line 600
Security Archives - Page 3 of 5 - Ask the Geek Ask the Geek

Security

RSS feed

Have You Checked Out the Password Meter?

Unless you’re a subscriber to my list, you probably haven’t noticed the new page I added recently: Password Meter. It’s over there to the right just under the link to the Leave Feedback page. Go ahead, check it out; punch in some of the passwords you use and find out if they’re really as strong as you think they are. I bet you’ll be surprised.

This meter is one of the best I’ve ever seen because it takes into account all of the best practices I endorse for creating very strong, un-guessable passwords.

Let me know what you think in the comments section and if you like it, bookmark it using the button below.

Cheers!
The Geek

1

Viruses Pwned by Panda antivirus

When I turned on my laptop this morning, I was greeted with a red X on the Panda icon in my system tray. When I clicked on it, the program informed me that my beta version would expire in 10 days and I should download the latest release (dated 6/30/2009, Version 0.08.82). I was ready for a sales pitch; I’m happy to say there wasn’t one. Apparently, CloudAntivirus is still free and will remain so (it’s also still in Beta).

If you missed my previous article on this nifty security tool, read Check out Panda’s Cloud Antivirus: It’s a Winner! Be sure to watch the video I have linked in that article, too. Besides just being cool, the video will give you a new viewpoint on emerging security technology in the Cloud. While you’re at it, this Panda Security video ad’s also worth a look. (Check out the threat characters – very catchy.): Viruses pwned by Panda Antivirus [HQ].

Cheers!
The Geek

0

FTP Password Thieves – Are You The Next Victim?

Guest article by Arindam Chakraborty. You can check out his blog here: http://arindamchakraborty.com

**********
Just read this article a moment ago, and thought I should let you, since it affects webmasters in a big way:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1357912,00.html

There are seven ways to minimize your changes of getting hacked:

a) Use Secure File Transfer Protocol (SFTP) instead of FTP. Normally, this requires SSH access. The downside is that (from what I know) most web hosting companies don’t provide SSH access to their shared hosting customers! However, some do offer jailed SSH, which should be work as well! If you are on a VPS or Dedicated server, you should already have SSH access.

b) Use strong passwords: I use Roboform‘s password generating tool for this purpose! Usually its default settings work me, but if you need stronger passwords than what the tool offers by default, you can always customize the available options!

c) Keep your PC protected with Firewalls, Antivirus tools, Malware detectors, Anti-Spyware tools, etc. If you are looking for recommendations, here is a good forum thread to get you started:

http://forums.majorgeeks.com/showthread.php?&t=44525

Remember that different security tools work and behave differently on different systems, so it might take a few months of trial and error before you find the “perfect” solution for yourself!

Above all, UPDATE these security tools regularly!

d) Always download software programs from trusted sources, such as:

http://download.com

http://www.tucows.com/

e) As soon as you have downloaded a file, scan it with an antivirus tool to make sure it is not infected, especially if it happens to be an executable program!

f) Stay away from bad sites. If you visit sites that host porn, warez, keygen, etc., you cannot blame anyone but yourself in case you get infected with Trojans and viruses!

g) Avoid downloading files from Peer-to-Peer (P2P) connections: With most P2P networks, the uploaded content is hardly monitored, so your chances downloading a Trojan are very high. Another possibility is that of identity theft. You may be happily downloading some stuff using Limewire, while a couple of thieves are busy stealing your IP address, passwords, or other secret information they can use to harm you in future! Remote attacks are also a possibility!

If you really want to use P2P networks, use a strong P2P firewall and an IP address hiding tool to protect yourself; I am not sure if these security measures would cause you any inconvenience, though! Myself I have avoided P2P networks all my life. I miss out on a lot of goodies because many of them are required to be downloaded from P2P networks, and for heaven’s sake, no matter what happens, I would never do that! :D

Here is a helpful article on Peer to Peer networks and how they work:

http://en.wikipedia.org/wiki/Peer-to-peer

Also, keep in mind that even if you follow the seven steps above, there is no guarantee that you would be totally protected from FTP password thieves! However, these security measures would certainly minimize the chances of attacks!

Arindam Chakraborty

Filed in: Password, Security, Tips
0

Check out Panda’s Cloud Antivirus: It’s a Winner!

I’ve been using Panda Security’s free Cloud Antivirus for awhile and I must say I’m impressed. It’s there, but you’ll never know it unless you look (the little panda icon in the system tray). I rarely get malware of any kind, but Cloud AV has caught a couple of things that were probably drive-bys. It’s so transparent that I actually had to go check on it before I noticed that malware had been caught.

This is a perfect set-it-and-forget-it AV for the regular user. It’s free, self-updating and doesn’t require any decisions on the part of the user. But the great part about it is how it works. Watch the video. It’s really slick, blocking malware within 6 minutes when encountered by anyone who has it installed; it’s truly real time updating.

That’s my two cents. You be the judge and try it for yourself.

Cheers!
The Geek

0

“14 Golden Rules of Computer Security” Nearing Completion

My new eBook, “14 Golden Rules of Computer Security” is almost complete and will be ready for downloading shortly. Written with the non-technical person in mind, the book is packed with proven, practical advice on how to stay safe on the Wild, Wild Web including bonus articles about creating strong, easy-to-remember passwords and email security tips. I give you tons of links to free and low-cost tools as well as special discounts for software and services by some of the best computer security companies in the business. It’s a must-have for every computer owner.

Based upon my popular “How to Secure Your Computer” series of web articles and fully updated with late-breaking information on safe searching and social networks, “14 Golden Rules of Computer Security” will help you develop your own secure computing practices and save you from the hassle of dealing with unpleasant malware attacks.

The book will cost $9.95 for the general public, but all Ask the Geek subscribers will be sent a download link and password for a free copy, so be sure to sign up. (If you already closed the subscription panel, you can sign up by clicking here or on the Sign Up! link on the Pages sidebar.)

Sign up today and then watch your email for the release announcement and download instructions.

0

How to make a bootable thumb drive virus scanner for NTFS: 2009 update

NOTE! The BLTDVS Toolkit in its original form is now obsolete. The current state of the art has yielded self-contained USB installer tools for most of the popular antivirus rescue CDs.

I have updated this article: Make an Anti Virus Bootable USB Thumb Drive with the latest information and put two versions of popular rescue CD USB installers in the revised BLTDVS Toolkit which is still available for download from the original location when you sign up for my newsletter list.

Once again, in May 2009, I have had to revise this article because Avira’s updates no longer work (thanks, Cindy, for your help in pointing out the problem to me). This new revision supercedes all previous articles I have posted on this subject; specifically, these two:

http://askthegeek.kennyhart.com/2005/12/how-to-make-bootable-thumb-drive-virus.html

http://askthegeek.kennyhart.com/2007/03/update-how-to-make-bootable-thumb-drive_20.html

“How to make a bootable thumb drive virus scanner for NTFS” is the second most popular article on this site, outranked only by “My Computer Won’t Shut Down!” and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up to date and relevant information. The two articles listed above are outdated.

The original DOS-based version of the thumb drive virus scanner used F-Prot Antivirus for DOS, one of the best and most popular DOS-based? scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now almost two years old, making them virtually useless. Other vendors are following suit. I’ve had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.

The good news is that, yes, I’ve solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux and after a bit of hacking, I found it’s a simple matter to make a bootable thumb drive from the images.

Note: Avira has changed the ISO image *again* since this article was first posted. I have had comments from some people that the new ISOs just don’t work right on the thumb drive. As of May 2009, the VDF updates cause the old version to fail. I have revised the steps below and updated the BLTDVS toolkit. 

I chose the Kaspersky Rescue CD from Kaspersky Lab for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support making it unnecessary to use any third party tools like NTFS4DOS (which is still available, but no longer supported by Avira).

Here’s how to be up and running with your own copy of my latest tool in just a few minutes. I’ve made it easy by providing everything you need, except the rescue CD image:

  1. I no longer require that you make a donation, but would appreciate it greatly. I’ve worked hard to keep the BLTDVS toolkit up to date and will contintue to do so.
  2. I do require that you sign up on my list. That is the only way to get the download link and password for the BLTDVS toolkit. Once you sign up and confirm your subscription, the welcome email will give you instructions, a link to the new toolkit, and the password.
  3. If you bypassed the fade-in sign-up form when you arrived at this page, you can click here to go to another sign-up page or click on Sign Up! in the toolbar to the right.
  4. Download the BLTDVS toolkit from the link I send you.
  5. Extract the folder to the root of your hard drive.
  6. Download the Kaspersky Rescue CD ISO image
  7. Move the CD ISO image to the BLTDVS_toolkit folder?
  8. Plug in your thumb drive.
  9. Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
  10. Run HPUSBF.EXE (command line version) or HPUSBW.EXE (windows version) and format your thumb drive using FAT or FAT32. Deselect the “Create a DOS startup disk” option.
  11. Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don’t move the actual folder.
  12. On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
  13. Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
  14. CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten rendering Windows unbootable. (This isn’t a complete disaster, but it takes some geeky knowledge to fix it.)? NOTE: If you are usingVista, you may see a “failure to update the MBR” error. In this case, right-click the file and specify “Run as administrator.”
  15. Hit any key to exit. You now have bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.

One really cool feature of the Kaspersky program is that it will allow you to update it over the Internet as long as you’re plugged into your network. It doesn’t work well with a wireless connection (which both of my laptops have), but I haven’t had a bit of trouble getting an address and updating when I’m plugged in.

Another great feature of the program is that it has a built in file manager, so you can also use it to recover files from an infected hard drive without having to boot into the native OS.

As always, feedback is welcome. I want to know how this tool is working for you.

(Thanks to PDLA ©2007 http://pendrivelinux.com and Lance ©2008? http://pendrivelinux.com. Syslinux is ©1994-2006 H. Peter Anvin http://syslinux.zytor.com for the files used in this tool.)

Cheers!
The Geek

14

Safe Computing Tips (and Other Changes)

I want to let everyone know of some new features you’ll be seeing here at Ask the Geek. First off, you’ll notice that there are more pages being posted. These are permanent pages that will always show up on the site, unlike the posts that usually wind up in the archives. I’ll be updating these frequently. The latest page is “Safe Computing Tips” and I suggest you check it out.

You’ll also notice a sign-up pop-up on some pages when you go to them. Please sign up so I can keep you up to date on new content and special offers from select vendors. I promise I won’t spam you with a bunch of useless junk; I will pass on any special offers that I become aware of from reputable hardware and software sellers.

For now, check out the “Safe Computing Tips” and sign up for my list. And be on the lookout for a new page that reviews top freeware, Open Source, and commercial software offerings.

As always, I’m glad to be of service and I look forward to keeping you as a loyal reader. If you ever need anything at all, feel free to hit the “Ask a Question” or “Leave Feedback” links over at the right.

Cheers!
The Geek

0

“psyb0t” Worm Infects Routers

Two router options, both of which I’ve said are security risks (see This Router Configuration Option Can Be Dangerous), can now be exploited to turn routers into zombie botnet members. My latest post at Security Corner, Worm Targets Home Networking Equipment, gives details and references to more news items. You can read those if you want, but for now, here’s what you should immediately do:

  1. Power cycle your router.
  2. Disable WAN-facing telnet, SSH or web-based configuration interfaces.
  3. Change the passwords to something unguessable (see this article).
  4. Upgrade to the latest firmware.

If you’re not sure how to handle this, find a geek who can. While the hacker who wrote this worm appears to have disabled the botnet’s control center, others will follow and it could get ugly.

You should also read and apply the Safe Computing Tips available as a free PDF download. Just click on the link to the right.

As always, I’m looking out for you.

Cheers!

The Geek

0

Why Your Wallet is the Best Password Manager

Although I use them to store passwords for sites that don’t require much security, password managers are something I generally stay away from. Why? Because they store the information on my hard drive, a thumb drive, or a website, all of which could be compromised by a determined hacker. Even a relatively unsophisticated hacker could exploit an unpatched vulnerability leaving my passwords open to inspection. My personal security policy is to make it as hard as possible for someone to get to my passwords.

So, I write them down and keep them in my wallet.

Yes, that is the most secure “password manager” there is. No one can get to your wallet from the Internet or your PC. Passwords written on a piece of paper and stored in your wallet are nearly impossible to compromise – someone would have to steal your wallet (or you’d have to lose it) to get at them. How likely is that? I’m 55 years old and have never lost my wallet or had one stolen. Even if someone did get hold of wallet, they wouldn’t know what sites the passwords apply to. I have a secret code that tells me which password goes with what site, and no one is likely to be able to decipher it.

Just be sure not to write down your username with the passwords.

Cheers!

The Geek

Filed in: Password, Security, Tips
2

How to make a bootable thumb drive virus scanner for NTFS: 2008 update

Once again, in May 2009, I have had to revise this article because Avira’s updates no longer work (thanks, Cindy, for your help in pointing out the problem to me). You can find the latest revision here as well. This new revision supercedes all previous articles I have posted on this subject; specifically, these two:

http://askthegeek.kennyhart.com/2005/12/how-to-make-bootable-thumb-drive-virus.html

http://askthegeek.kennyhart.com/2007/03/update-how-to-make-bootable-thumb-drive_20.html

“How to make a bootable thumb drive virus scanner for NTFS” is the second most popular article on this site, outranked only by “My Computer Won’t Shut Down!” and I thank you for visiting Ask the Geek for advice on these issues. Because of the continuing popularity of the thumb drive virus scanner, I want to make sure you have up to date and relevant information. The two articles listed above are outdated.

The original DOS-based version of the thumb drive virus scanner used F-Prot Antivirus for DOS, one of the best and most popular DOS-based? scanners for nearly 20 years. Unfortunately, F-Secure is no longer updating the virus definitions for that version. In fact, the F-Prot virus signatures are now almost two years old, making them virtually useless. Other vendors are following suit. I’ve had quite a bit of feedback asking me if I could solve this problem and provide an updated method of offline virus scanning.

The good news is that, yes, I’ve solved the problem, thanks to the fact that several vendors offer free bootable rescue CDs for download. Most of these run under some flavor of Linux and after a bit of hacking, I found it’s a simple matter to make a bootable thumb drive from the images.

Note: Avira has changed the ISO image *again* since this article was first posted. I have had comments from some people that the new ISOs just don’t work right on the thumb drive. As of May 2009, the VDF updates cause the old version to fail. I have revised the steps below and updated the BLTDVS toolkit. Because of? the popularity of this toolkit, I am getting bills for excess bandwidth useage. If you find this toolkit useful, please consider making a donation by clicking the “Donate” button. As soon as I am notified of your donation (any amount, minimum $1), I’ll send you the link to the toolkit that contains the ISO image I originally tested.

I chose the Kaspersky Rescue CD from Kaspersky Lab for my latest incarnation of the thumb drive virus scanner. Since it runs under Linux, it has native NTFS read/write support making it unnecessary to use any third party tools like NTFS4DOS (which is still available, but no longer supported by Avira).

Here’s how to be up and running with your own copy of my latest tool in just a few minutes. I’ve made it easy by providing everything you need, except the rescue CD image:

  1. I no longer require that you make a donation, but would appreciate it greatly. I’ve worked hard to keep the BLTDVS toolkit up to date and will contintue to do so.
  2. I do require that you sign up on my list. That is the only way to get the download link and password for the BLTDVS toolkit. Once you sign up and confirm your subscription, the welcome email will give you instructions, a link to the new toolkit, and the password.
  3. If you bypassed the fade-in sign-up form when you arrived at this page, you can click here to go to another sign-up page or click on Sign Up! in the toolbar to the right.
  4. Download the BLTDVS toolkit from the link I send you.
  5. Extract the folder to the root of your hard drive.
  6. Download the Kaspersky Rescue CD ISO image
  7. Move the CD ISO image to the BLTDVS_toolkit folder?
  8. Plug in your thumb drive.
  9. Open the BLTDVS_toolkit folder and navigate to the DriveKey folder.
  10. Run HPUSBF.EXE (command line version) or HPUSBW.EXE (windows version) and format your thumb drive using FAT or FAT32. Deselect the “Create a DOS startup disk” option.
  11. Open the BLTDVS_toolkit folder and copy or move its contents to your thumb drive. Don’t move the actual folder.
  12. On your thumb drive, double-click avrescd.bat. This will extract the necessary files from the ISO image to your thumb drive. Be sure you specify the right drive letter for your thumb drive.
  13. Once the files have been extracted, makeboot.bat will be called automatically. See the caution in the next step!
  14. CAUTION! This step is dangerous! Heed the warning message. Please verify the correct flash drive letter is being displayed before proceeding. Do not run this file on your hard drive or your current MBR will be overwritten rendering Windows unbootable. (This isn’t a complete disaster, but it takes some geeky knowledge to fix it.)? NOTE: If you are usingVista, you may see a “failure to update the MBR” error. In this case, right-click the file and specify “Run as administrator.”
  15. Hit any key to exit. You now have bootable Linux thumb drive virus scanner that will handle NTFS drives as well as most other formats.

One really cool feature of the Kaspersky program is that it will allow you to update it over the Internet as long as you’re plugged into your network. It doesn’t work well with a wireless connection (which both of my laptops have), but I haven’t had a bit of trouble getting an address and updating when I’m plugged in.

Another great feature of the program is that it has a built in file manager, so you can also use it to recover files from an infected hard drive without having to boot into the native OS.

As always, feedback is welcome. I want to know how this tool is working for you.

(Thanks to PDLA ©2007 http://pendrivelinux.com and Lance ©2008? http://pendrivelinux.com. Syslinux is ©1994-2006 H. Peter Anvin http://syslinux.zytor.com for the files used in this tool.)

Cheers!
The Geek

Technorati tags: , , , , , , , , , ,

3
© 2017 Ask the Geek. All rights reserved.